Approaches to electronic device security are described. A representation of user information describing a user device, visible in a graphical presentation of a user-specific polygraph via a graphical user interface (GUI) presented via a display device is generated. First information associated with the user is gathered. Second information indicating activity associated with the user that has been generated by an application executed on the electronic computing device is gathered. Determining whether the user of the electronic computing device has deviated from normal activity by correlating portions of the first information with portions of the second information. Directing the user to an approval workflow via the browser in response to a determination that the user has deviated from normal activity.
Legal claims defining the scope of protection, as filed with the USPTO.
. The method of, wherein links between different icons in the user-specific polygraph are enriched with data comprising at least links between a web browser application and endpoints providing information describing how long a connection has been established and how much data has been transferred since the connection was established, where at least a portion of the information describing links is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The method of, wherein the web browser application is depicted as being connected to different endpoints, which may be carried out through the usage of different tabs or different instances of the web browser application.
. The method of, wherein the information describing the user device comprises one or more of a device name, a label for the device.
. The method of, wherein the information describing the user comprises at least a user name or a user handle associated with the user represented as a user-specific polygraph, where at least a portion of the information describing user is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The method of, wherein the information describing the user comprises a location of the user via an identification of a city, geographical coordinates, an identification of a known location, or any other location information associated with the user as part of a user-specific polygraph, where at least a portion of the information describing user is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The method of, wherein the user-specific polygraph further comprises specific details regarding how a particular application is being used.
. A non-transitory computer-readable medium, having stored thereon instructions that, when executed by one or more hardware processors, cause a host electronic computing device to:
. The non-transitory computer-readable medium of, wherein links between different icons in the user-specific polygraph are enriched with data comprising at least links between a web browser application and endpoints providing information describing how long a connection has been established and how much data has been transferred since the connection was established, where at least a portion of the information describing links is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The non-transitory computer-readable medium of, wherein the web browser application is depicted as being connected to different endpoints, which may be carried out through the usage of different tabs or different instances of the web browser application.
. The non-transitory computer-readable medium of, wherein the information describing the user device comprises one or more of a device name, a label for the device.
. The non-transitory computer-readable medium of, wherein the information describing the user comprises at least a user name or a user handle associated with the user represented as a user-specific polygraph, where at least a portion of the information describing user is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The non-transitory computer-readable medium of, wherein the information describing the user comprises a location of the user via an identification of a city, geographical coordinates, an identification of a known location, or any other location information associated with the user as part of a user-specific polygraph, where at least a portion of the information describing user is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The non-transitory computer-readable medium of, wherein the user-specific polygraph further comprises specific details regarding how a particular application is being used.
. An electronic computing system comprising:
. The system of, wherein links between different icons in the user-specific polygraph are enriched with data comprising at least links between a web browser application and endpoints providing information describing how long a connection has been established and how much data has been transferred since the connection was established, where at least a portion of the information describing links is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The system of, wherein the web browser application is depicted as being connected to different endpoints, which may be carried out through the usage of different tabs or different instances of the web browser application.
. The system of, wherein the information describing the user device comprises one or more of a device name, a label for the device.
. The system of, wherein the information describing the user comprises at least a user name or a user handle associated with the user represented as a user-specific polygraph, where at least a portion of the information describing user is visible in a graphical presentation of the user-specific polygraph via the GUI.
. The system of, wherein the information describing the user comprises a location of the user via an identification of a city, geographical coordinates, an identification of a known location, or any other location information associated with the user as part of a user-specific polygraph, where at least a portion of the information describing user is visible in a graphical presentation of the user-specific polygraph via the GUI.
Complete technical specification and implementation details from the patent document.
This application claims the benefit of priority of U.S. Provisional Application No. 63,573,162, filed on Apr. 2, 2024, which is hereby incorporated by reference in its entirety for all purposes.
shows an illustrative configuration in which a data platform is configured to perform various operations with respect to a cloud environment that includes a plurality of compute assets.
shows an illustrative implementation of the configuration of.
illustrates an example computing device.
illustrates an example of an environment in which activities that occur within datacenters are modeled.
illustrates an example of a process, used by an agent, to collect and report information about a client.
illustrates a 5-tuple of data collected by an agent, physically and logically.
illustrates a portion of a polygraph.
illustrates a portion of a polygraph.
illustrates an example of a communication polygraph.
illustrates an example of a polygraph.
illustrates an example of a polygraph as rendered in an interface.
illustrates an example of a portion of a polygraph as rendered in an interface.
illustrates an example of a portion of a polygraph as rendered in an interface.
illustrates an example of a portion of a polygraph as rendered in an interface.
illustrates an example of a portion of a polygraph as rendered in an interface.
illustrates an example of an insider behavior graph as rendered in an interface.
illustrates an example of a privilege change graph as rendered in an interface.
illustrates an example of a user login graph as rendered in an interface.
illustrates an example of a machine server graph as rendered in an interface.
illustrates an example of a process for detecting anomalies in a network environment.
depicts a set of example processes communicating with other processes.
depicts a set of example processes communicating with other processes.
depicts a set of example processes communicating with other processes.
depicts two pairs of clusters.
is a representation of a user logging into a first machine, then into a second machine from the first machine, and then making an external connection.
is an alternate representation of actions occurring in.
illustrates an example of a process for performing extended user tracking.
is a representation of a user logging into a first machine, then into a second machine from the first machine, and then making an external connection.
illustrates an example of a process for performing extended user tracking.
illustrates example records.
illustrates example output from performing an ssh connection match.
illustrates example records.
illustrates example records.
illustrates example records.
illustrates example records.
illustrates an adjacency relationship between two login sessions.
illustrates example records.
illustrates an example of a process for detecting anomalies.
illustrates a representation of an embodiment of an insider behavior graph.
illustrates an embodiment of a portion of an insider behavior graph.
illustrates an embodiment of a portion of an insider behavior graph.
illustrates an embodiment of a portion of an insider behavior graph.
illustrates a representation of an embodiment of a user login graph.
illustrates an example of a privilege change graph.
illustrates an example of a privilege change graph.
illustrates an example of a user interacting with a portion of an interface.
illustrates an example of a dossier for an event.
illustrates an example of a dossier for a domain.
depicts an example of an Entity Join graph by FilterKey and FilterKey Group (implicit join).
Unknown
October 2, 2025
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.